﻿using System;
using System.Web.WebPages;
using WebMatrix.WebData;

/// <summary>
/// Summary description for Login
/// </summary>
/// 
namespace Account
{
    public static class Login
    {
        public class Model
        {
            public string Username { get; set; }
            public string Password { get; set; }
            public bool RememberMe { get; set; }
        }

        public class Errors
        {
            public ErrorMessage Username { get; set; }
            public ErrorMessage Password { get; set; }

            public Errors()
            {
                Username = ErrorMessage.Nil;
                Password = ErrorMessage.Nil;
            }
        }

        public static void Init(WebPageBase web)
        {
            // Initialize model properties      
            Model model = web.Page.Model = new Model();

            //  Initialize validation properties
            Errors errors = web.Page.Errors = new Errors();

            // If this is a POST request, validate and process data
            if (web.IsPost)
            {
                model.Username = web.Request.Form["username"];
                model.Password = web.Request.Form["password"];
                model.RememberMe = web.Request.Form["rememberMe"].AsBool();

                // Validate the user's username
                if (model.Username.IsEmpty())
                {
                    errors.Username = web.Error("You must specify a username.");                    
                }

                // Validate the user's password
                if (model.Password.IsEmpty())
                {
                    errors.Password = web.Error("You must specify a password.");                    
                }

                // Confirm there are no validation errors
                if (web.Page.IsValid)
                {
                    if (WebSecurity.UserExists(model.Username) && WebSecurity.GetPasswordFailuresSinceLastSuccess(model.Username) > 4 && WebSecurity.GetLastPasswordFailureDate(model.Username).AddSeconds(60) > DateTime.UtcNow)
                    {
                        web.Response.Redirect("~/account/AccountLockedOut");
                        return;
                    }

                    // Attempt to login to the Security object using provided creds
                    if (WebSecurity.Login(model.Username, model.Password, model.RememberMe))
                    {
                        var returnUrl = web.Request.QueryString["ReturnUrl"];
                        if (returnUrl.IsEmpty())
                        {
                            web.Response.Redirect("~/");
                        }
                        else
                        {
                            web.Context.RedirectLocal(returnUrl);
                        }
                    }

                    // If we arrived here, the login failed; convey that to the user
                    web.Page.IsValid = false;
                }
            }
        }
    }
}